Supercomputers across Europe were infected with cryptocurrency mining malware, forcing operators to shut the systems down to investigate the attack.

Many of the impacted systems are used to run workloads that hope to help in the fight against Covid-19, along with other important research.

While there have been several reports of cyber attacks on Covid-19 research institutions by foreign nation-states, this currently does not appear to be the case with this recent spate of attacks. The European Grid Infrastructure (EGI) security team released details on two of the recent attacks, stating they found mining malware on supercomputer servers. "If true, it is more likely these are criminal financially motivated attacks than the espionage attacks against research centers that the FBI has warned about this week," security company Cado said in a blog post.

When they are needed most

ARCHER
– The University of Edinburgh

The University of Edinburgh was the first to declare that something was wrong, last Monday reporting a "security exploitation on the ARCHER login nodes."

ARCHER, one of the UK's most powerful supercomputers, is still offline as the system is scanned and all of ARCHER’s existing passwords and SSH keys are rewritten. The university said that it is working with the National Cyber Security Centre (NCSC) and system manufacturer HPE/Cray.

"There is currently nothing to suggest that any research, client or personal data has been impacted by this issue and all relevant stakeholders are being updated," a University of Edinburgh spokesperson said.

Later that day, bwHPC, the group coordinating research projects across Baden-Württemberg, supercomputers in Germany said that five of its high-performance computing clusters had to be shut down due to similar "security incidents."

Among the affected systems is the powerful Hawk supercomputer at the University of Stuttgart.

Then, over in Spain, security researcher Felix von Leitner on Wednesday claimed that a supercomputer in Barcelona had been hit, and was brought offline to clean the system.

The next day, the news continued: First, the Leibniz Computing Center declared a security breach, and took its cluster offline. Next, the Jülich Research Center shut down the JURECA, JUDAC, and JUWELS supercomputers, followed by the Taurus system at the Technical University in Dresden.

Over the weekend, it was revealed that a cluster at the Faculty of Physics at the Ludwig-Maximilians University in Munich, Germany had been impacted, and that the Swiss Center of Scientific Computations (CSCS) was equally affected.

"Artificial intelligence and supercomputers are at the forefront of the coronavirus response," the European Commission said in a tweet last month.

"Three powerful European supercomputing centres in Bologna, Barcelona and Jülich are currently being used to research and develop vaccines, treatments and diagnoses for the coronavirus."

The attacks may have spread outside of Europe, with Cado Security claiming that they "found an additional server that belongs to a super-computer cluster operated by a well-known University in the United States" The company said: "We are reaching out to them as they may also be compromised."